Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total4
Critical2
High2
Medium0
Reset
Showing 1-4 of 4 records
Threat Entry Updated 2026-04-07

CVE-2026-0740 - Ninja Forms File Uploads Plugin

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NF_FU_AJAX_Controllers_Uploads::handle_upload' function in all versions up to, and including, 3.3.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The vulnerability was partially patched in version 3.3.25 and fully patched in version 3.3.27.

PLUGIN Ninja Forms File Uploads

CVE-2026-0740

CRITICAL CVSS 9.8 2026-04-07
Open Full Technical Breakdown
Threat Entry Updated 2024-09-26

CVE-2024-1596 - Ninja Forms File Uploads Plugin

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. RTX file) in all versions up to, and including, 3.3.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Ninja Forms File Uploads

CVE-2024-1596

HIGH CVSS 7.2 2024-09-07
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-0888 - Ninja Forms File Uploads Plugin

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0

PLUGIN Ninja Forms File Uploads

CVE-2022-0888

CRITICAL CVSS 9.8 2022-03-23
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-0889 - Ninja Forms File Uploads Plugin

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the ~/includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web scripts to vulnerable WordPress sites, in versions up to and including 3.3.12.

PLUGIN Ninja Forms File Uploads

CVE-2022-0889

HIGH CVSS 7.2 2022-03-23
Open Full Technical Breakdown
Scroll to top